What is WorkComposer?

WorkComposer is an employee monitoring application designed to track employee productivity by capturing screenshots of their screens every 20 seconds. It's classified as a surveillance tool or corporate monitoring software.

How was the data leak discovered?

Security researchers at Cybernews discovered the data leak when they found an unprotected Amazon S3 bucket containing millions of real-time screenshots from monitored employees' devices.

What kind of sensitive information was potentially exposed in the leak?

The leaked screenshots potentially exposed highly sensitive information, including: Emails and internal communications Confidential business documents Login pages and credentials API keys and access tokens Financial information Intellectual property Personal employee information

Why was this data leak particularly dangerous?

The real-time nature of the leak made it especially dangerous, as screenshots were continuously being added to the exposed bucket while it remained unsecured. This allowed potential threat actors to monitor business operations as they occurred, providing an ongoing view into sensitive activities and information.

Has the data leak been resolved?

Following notification from Cybernews, WorkComposer has secured access to the data, preventing further public exposure. However, it's unknown how long the data was exposed before discovery or who may have accessed it during that time.

How often does WorkComposer capture screenshots?

WorkComposer is designed to capture screenshots of employees' screens every 20 seconds to monitor their productivity.

Incident

WorkComposer employee monitoring app leaks 21 million screenshots

Q: What happened with WorkComposer's data leak?

WorkComposer, an employee monitoring application, was found leaking over 21 million screenshots to the public internet through an unsecured Amazon S3 bucket. Security researchers at Cybernews discovered the unprotected cloud storage containing real-time screenshots from monitored employees' devices.

Q: Has WorkComposer commented on the data leak?

As of the report, no official comment has been provided by WorkComposer regarding the data leak.

published: April 25, 2025

Take action: Companies - next time you plan to install "employee monitoring" spyware, be aware that these systems can expose you to much more risk than an employee taking half an hour of rest to browse the web during work hours.

Learn More

WorkComposer, an employee monitoring application has been found leaking over 21 million screenshots to the public internet. The surveillance tool (or even corporate spyware if you wish to put it bluntly) is designed to track employee productivity by capturing screenshots every 20 seconds.

WorkComposer left the screenshots accessible in an unsecured Amazon S3 bucket. Security researchers at Cybernews discovered the unprotected cloud storage containing millions of real-time screenshots from monitored employees' devices. These screenshots potentially expose highly sensitive information, including:

Emails and internal communications
Confidential business documents
Login pages and credentials
API keys and access tokens
Financial information
Intellectual property
Personal employee information

The number of affected individuals is not disclosed.

The real-time nature of the leak made it even more dangerous, as the screenshots were continuously being added to the exposed bucket, allowing potential threat actors to monitor business operations as they occurred. Following notification from Cybernews, the company has secured access to the data, though no official comment has been provided by WorkComposer.

WorkComposer employee monitoring app leaks 21 million screenshots

Read More
Cognizant / TMG Health reports Data Breach, exposes …
LogicMonitor customers impacted by ransomware deployed through LogicMonitor …
Pivotal Software reports phishing attack, data breach
Another breach of Internet Archive - this time …
WhatsApp accounts of Hong Kong schools and service …